Survey of interfaces and visualizations of complex networks

About

Monitoring big computer networks is a challenge. These networks are built from a variety of different devices and generate many different data formats. Keeping track of security issues is often a matter of correlating changes in data at different positions in the network. So-called SIEMs (Security Information and Event Management systems) aggregate data from the different sources and correlate it.
These systems assist the user in detecting threats and risks by applying pattern recognition algorithms to the data. These algorithms can only give hints about where further investigation might be needed; they are not precise enough to make decisions on their own and don’t substitute for human analysis. Sometimes threats are not discovered at all by the algorithms. This is where the work of the security administrator starts. He has to investigate the different data sources either on a textual basis or by looking at graphs that are often available in SIEMs in the so-called dashboard, a section of the interface that summarizes all the relevant information visually in one view.

This blog takes a look at how information visualization can support the process of detecting malicious activity in networks. How can existing solutions in this area be enhanced by better visualizations? Are there completely new ways to visualize network data?
On a more abstract level, it deals with the question of how the human ability to detect patterns relates to algorithm-based pattern detection. At what point is human perception essential, and when is it reasonable to rely on technology? These questions apply to other areas as well, e.g., medicine, where changes in human tissue can also be detected by algorithms.